1. Field of the Invention
The present invention relates to key bit stream generation, such as the generation of a key bit stream such as is used, for example, for Vigenère encryption and decryption.
2. Description of Prior Art
In a plurality of cryptographic algorithms, a key bit stream is generated from a main key, or a master key, on the basis of which key bit stream the data stream to be encrypted will then be encrypted. These cryptographic algorithms include, for example, the Vigenère algorithm, or algorithms derived from same, wherein a key bit stream with a certain period duration is generated from a master key, and wherein this key bit stream is then linked, in a bitwise manner, with the data stream to be encrypted, to be precise by means of an XOR operation, or XOR linkage. The same procedure is adopted on the decryption side, meaning that the encrypted data stream is XORed, in a bitwise manner, with the same key bit stream which is generated in the same manner on the decryption side on the basis of the same master key.
For generating bit sequences with specific period durations, feedback shift registers, such as linear feedback shift registers (LFSRs) are mostly used even though it is also possible to use non-linear feedback shift registers, or NLFSRs. Even though the output signal of such a feedback shift register might directly be used as the key bit stream, use is mostly made of several feedback shift registers simultaneously, whose output bit sequences are then combined with each other in a bitwise manner so as to obtain the eventual key bit stream. FIG. 6 shows a potential arrangement of a key bit stream generation device 910 of this type. The key bit stream generation device 910 includes, by way of example, four LFSRs 912a, 912b, 912c and 912d. They have different period durations and are loaded, during initialization, i.e. at the beginning of the encryption or decryption, with different parts of a master key, respectively, permanently stored in a memory 914. The LSFRs 912a-d each generate bit sequences with their respective bit lengths and pass them on to a combiner 916 which combines the individual bit sequences of the LFSRs 912a-d in a bitwise manner using a Boolean combination function so as to obtain the eventual key bit stream and output same at an output 918.
Any encryption using the key bit stream generation device 910 of FIG. 6 is not safe from cryptographic attacks. For example, an attack scenario consists in an attacker trying to “crack” the encryption in a so-called known plain text attack. In this attack, an attacker uses a long text, or a long data stream, in a non-encrypted form (plain text) known to him/her so as to obtain the associated cipher from the cryptographic device, which uses the device 910 of FIG. 6, upon applying the plain text. To encrypt these known plain texts, the secret key from memory 914 is then used, of course. By means of this attack, the attacker may now readily calculate the encryption sequence and/or the key bit stream at output 918 of device 910. Subsequently, the attacker analyzes the key bit stream with the goal of finding out, on the one hand, the secret key given by the initial occupation of the flip-flops of the individual shift registers 912a-912d, and of determining, on the other hand, the precise form of the LFSRs 912a-912d in the encryption device which uses the key bit stream generation device 910.
Prior approaches to raise the security level of an encryption device on the device of FIG. 6 have so far consisted only in increasing the number of shift registers used, or the size of the shift registers. However, this entails an unacceptable increase in hardware costs, since cryptographic devices are frequently implemented in mass articles, such as chip cards or smart cards or the like, and such increases in manufacturing costs therefore have a pronounced impact on the profit margin. To save hardware costs, there is therefore a tendency towards a desire to build the encryption device, based on LFSRs or NLFSRs, as small as possible.